zdm/envoy
Archived
3
Fork 0
Code Issues 22 Pull Requests Releases 1 Wiki Activity

fixed security vulnerability (complete password hash is printed)

Browse Source
This commit is contained in:
delvh
2020-03-29 10:28:05 +02:00
parent a63df92f50
commit 4acc130af7
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/envoy/data/LoginCredentials.java
View File

@@ -54,8 +54,8 @@ public class LoginCredentials implements Serializable {
public String toString() { public String toString() {
try (Formatter form = new Formatter()) { try (Formatter form = new Formatter()) {
form.format("LoginCredentials[identifier=%s,passwordHash=", identifier); form.format("LoginCredentials[identifier=%s,passwordHash=", identifier);
for (byte element : passwordHash) for (int i = 0; i < 3; i++)
form.format("%02x", element); form.format("%02x", passwordHash[i]);
return form.format(",registration=%b]", registration).toString(); return form.format(",registration=%b]", registration).toString();
} }
} }